[Bug binutils/20499] gprof: segmentation fault on invalid symbol file


From: nickc at redhat dot com
Subject: [Bug binutils/20499] gprof: segmentation fault on invalid symbol file
Date: Tue, 30 Aug 2016 12:56:42 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=20499

--- Comment #17 from Nick Clifton <nickc at redhat dot com> ---
(In reply to Tobias Stoeckmann from comment #13)
> The check alone does not prevent the integer overflow in xmalloc()'s argument.

Good point.

> I would recommend to bail out when encountering a file that is simply too
> large to be sane.

Agreed.

> See my proposal for details. In fact, my initial patch got it wrong too,
> ignoring the overflow resulting due to multiplication with sizeof (Sym).

I have checked in your patch, with a couple of modifications: I added a
#include <limits.h> to get the definition of UINT_MAX, and I made
num_of_syms_in return -1 when the overflow happens then test for this result in
core_create_syms_from.  (It was either that or else pass sym_table_file into
num_of_syms_in).

You may notice that there were two commits.  The first one was for my proposed
patch, which I committed by mistake.  So I reverted it whilst applying your
patch.

So - are you happy to close this PR now?

Cheers
  Nick
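
The pattern discussed in this comment (count the symbols, return a sentinel once the count is too large for count * sizeof (Sym) to be safe, and have the caller test for it before allocating) can be sketched as below. This is an added example, not the committed binutils patch: the Sym layout, the function names, the string input and the explicit `limit` parameter are assumptions made for illustration.

```c
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for gprof's Sym record; all names here are illustrative. */
typedef struct { unsigned long addr; char name[64]; } Sym;
#define SYM_OVERFLOW ((unsigned int) -1)   /* sentinel: too large to be sane */
#define MAX_SYMS ((unsigned int) (UINT_MAX / sizeof (Sym)))

/* Constructed sample of nm-style input: "<hex address> <type> <name>". */
static const char SAMPLE[] =
    "0000000000401000 T main\n"
    "0000000000401040 t helper\n"
    "not a symbol line\n"
    "0000000000601000 D some_data\n"
    "0000000000401080 T cleanup\n";

/* Count 't'/'T' entries; return SYM_OVERFLOW once the count reaches `limit`. */
static unsigned int count_text_syms(const char *text, unsigned int limit)
{
    unsigned int num = 0;
    while (*text) {
        size_t len = strcspn(text, "\n");
        char line[128], name[64], type;
        unsigned long addr;
        if (len < sizeof line) {           /* over-long lines are skipped */
            memcpy(line, text, len);
            line[len] = '\0';
            if (sscanf(line, "%lx %c %63s", &addr, &type, name) == 3
                && (type == 't' || type == 'T') && ++num >= limit)
                return SYM_OVERFLOW;
        }
        text += len + (text[len] == '\n');
    }
    return num;
}

/* The caller tests for the sentinel before sizing the allocation. */
static Sym *alloc_sym_table(const char *text, unsigned int limit, unsigned int *count)
{
    *count = count_text_syms(text, limit);
    if (*count == 0 || *count == SYM_OVERFLOW) return NULL;
    return malloc(*count * sizeof (Sym));  /* cannot wrap when limit <= MAX_SYMS */
}

int main(void)
{
    unsigned int n;
    Sym *tab = alloc_sym_table(SAMPLE, MAX_SYMS, &n);
    printf("%u text symbols, table %s\n", n, tab ? "allocated" : "refused");
    free(tab);
}
```

Passing a small `limit` exercises the bail-out path without needing an input of tens of millions of lines.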
